<?php
require_once 'db_config.php';
require_once 'cookie.php';
mysql_connect($host, $user, $pass);
mysql_select_db($dbase);
		
function insertUser(){
	
	$name = $_POST["name"];
	$vorname = $_POST["vorname"];
	$email = $_POST["email"];
	$street = $_POST["street"];
	$number = $_POST["number"];
	$plz = $_POST["plz"];
	$ort = $_POST["ort"];
	$tel = $_POST["tel"];
	$day = $_POST["day"];
	$month = $_POST["month"];
	$year = $_POST["year"];
	$passwort = $_POST["passwort"];
	$passwort2 = $_POST["passwort2"];

	if ($passwort == $passwort2 OR $email != "" OR $passwort != "" OR $name != "" OR $vorname != "" OR $day != "" OR $month != "" OR $year != ""){	
    	$result_select = mysql_query("SELECT * FROM user WHERE email='".mysql_real_escape_string($email)."'");
		$row = mysql_fetch_row($result_select); // mysql_fetch_row($result) gibt ein Array zurück mit allen Daten aus der Spalte in der die Email gleich $email ist
	    
	    if (!$row){ //  ... wenn die Email nicht gefunden wurde - "!$row" bedeutet mysql_fetch_row($result_select) lieferte kein Ergebnis
	    	$passwort = md5($passwort);
    		$sql = ("INSERT INTO user 
					(name, vorname, email, geburtsdatum, plz, ort, strasse, hausnr, telefon, passwort) 
					VALUES ('".mysql_real_escape_string($name)."', 
					'".mysql_real_escape_string($vorname)."', 
					'".mysql_real_escape_string($email)."', 
					'".mysql_real_escape_string($year)."-".mysql_real_escape_string($month)."-".mysql_real_escape_string($day)."', 
					'".mysql_real_escape_string($plz)."', 
					'".mysql_real_escape_string($ort)."', 
					'".mysql_real_escape_string($street)."', 
					".mysql_real_escape_string($number).", 
					'".mysql_real_escape_string($tel)."', 
					'".mysql_real_escape_string($passwort)."')");
    		$result_insert = mysql_query($sql);
        
        	if ($result_insert){
            	echo '<p>Benutzer <b>'.$email.'</b> wurde angelegt.</p>';
				exit;
        	}else{
        		echo '<p>Fehler beim Speichern des Benutzernames.</p>';
				exit;
        	}    
    	}else{
			echo '<p>Benutzername schon vorhanden.</p>';
        	exit;    
 		}    
	}else{
    	echo '<p>Bitte &uumlberpr&uumlfen sie ihre Eingaben</p>';
    	exit;
	}
}

function updateUser(){
	
	$name = $_POST["name"];
	$vorname = $_POST["vorname"];
	$email = $_POST["email"];
	$street = $_POST["street"];
	$number = $_POST["number"];
	$plz = $_POST["plz"];
	$ort = $_POST["ort"];
	$tel = $_POST["tel"];
	$day = $_POST["day"];
	$month = $_POST["month"];
	$year = $_POST["year"];
	$passwort = $_POST["passwort"];
	$passwort2 = $_POST["passwort2"];
	$id = $_COOKIE['id'];
	$pwtmp = $_COOKIE['pass'];

	if ($passwort == $passwort2 OR $email != "" OR $passwort != "" OR $name != "" OR $vorname != "" OR $day != "" OR $month != "" OR $year != ""){	
    		if ($pwtmp != $passwort){
    			$passwort = md5($passwort);
    		}else{
    			$passwort = $pwtmp;
    		}
	    	
    		$sql = ("UPDATE user SET 
						name = '".mysql_real_escape_string($name)."', 
						vorname = '".mysql_real_escape_string($vorname)."', 
						email = '".mysql_real_escape_string($email)."', 
						geburtsdatum = '".mysql_real_escape_string($year)."-".mysql_real_escape_string($month)."-".mysql_real_escape_string($day)."', 
						plz = '".mysql_real_escape_string($plz)."', 
						ort = '".mysql_real_escape_string($ort)."', 
						strasse = '".mysql_real_escape_string($street)."', 
						hausnr = ".mysql_real_escape_string($number).", 
						telefon = '".mysql_real_escape_string($tel)."', 
						passwort = '".mysql_real_escape_string($passwort)."'
						WHERE id = ".$id."");
    		$result_insert = mysql_query($sql);
        
        	if ($result_insert){
				if($passwort != $pwtmp || $email != $_COOKIE['email']){
					return '1';
				}
				else{
					return '2';
				}
        	}else{
				return '3';
        	}    
    	}else{
        	return '4';    
 		}    
	}
?>